As “open-source” models move beyond software into other businesses, their limitations are becoming apparent

EVERY time internet users search on Google, shop at Amazon or trade on eBay, they rely on open-source software—products that are often built by volunteers and cost nothing to use. More than two-thirds of websites are hosted using Apache, an open-source product that trounces commercial rivals. Wikipedia, an online encyclopedia with around 2.6m entries in more than 120 languages, gets more visitors each day than the New York Times's site, yet is created entirely by the public. There is even an open-source initiative to develop drugs to treat diseases in poor countries.

The “open-source” process of creating things is quickly becoming a threat—and an opportunity—to businesses of all kinds. Though the term at first described a model of software development (where the underlying programming code is open to inspection, modification and redistribution), the approach has moved far beyond its origins. From legal research to biotechnology, open-business practices have emerged as a mainstream way for collaboration to happen online. New business models are being built around commercialising open-source wares, by bundling them in other products or services. Though these might not contain any software “source code”, the “open-source” label can now apply more broadly to all sorts of endeavour that amalgamate the contributions of private individuals to create something that, in effect, becomes freely available to all.

However, it is unclear how innovative and sustainable open source can ultimately be. The open-source method has vulnerabilities that must be overcome if it is to live up to its promise. For example, it lacks ways of ensuring quality and it is still working out better ways to handle intellectual property.

But the biggest worry is that the great benefit of the open-source approach is also its great undoing. Its advantage is that anyone can contribute; the drawback is that sometimes just about anyone does. This leaves projects open to abuse, either by well-meaning dilettantes or intentional disrupters. Constant self-policing is required to ensure its quality.

This lesson was brought home to Wikipedia last December, after a former American newspaper editor lambasted it for an entry about himself that had been written by a prankster. His denunciations spoke for many, who question how something built by the wisdom of crowds can become anything other than mob rule.

The need to formalise open-source practices is at a critical juncture, for reasons far beyond Wikipedia's reputation. Last year a lengthy process began to update the General Public Licence—the legal document which makes available “free software”, such as Linux, an operating system that poses a challenge to Microsoft's dominance. The revision will enable the licence to handle issues such as patents and online services. The drafting process uses the same approach as the software production itself. It relies on an open collaboration that has hundreds of contributors around the world. “What we are actually doing is making a global institution,” says Eben Moglen, a professor at Columbia Law School in New York and the legal architect behind the licence.

One reason why open source is proving so successful is because its processes are not as quirky as they may first seem. In order to succeed, open-source projects have adopted management practices similar to those of the companies they vie to outdo. The contributors are typically motivated less by altruism than by self-interest. And far from being a wide-open community, projects often contain at their heart a small close-knit group.

With software, for instance, the code is written chiefly not by volunteers, but by employees sponsored for their efforts by companies that think they will in some way benefit from the project. Additionally, while the output is free, many companies are finding ways to make tidy sums from it. In other words, open source is starting to look much less like a curiosity of digital culture and more like an enterprise, with its own risks and rewards.

Projects that fail to cope with open source's vulnerabilities usually fall by the wayside. Indeed, almost all of them meet this end. Of the roughly 130,000 open-source projects on SourceForge.net, an online hub for open-source software projects, only a few hundred are active, and fewer still will ever lead to a useful product. The most important thing holding back the open-source model, apparently, is itself.

Just browsing

To get a sense of just how powerful the open-source method can be, consider the Firefox web browser. Over the last three years it has crept up on mighty Microsoft to claim a market share of around 14% in America and 20% in parts of Europe. Firefox is really a phoenix: its code was created from the ashes of Netscape, which was acquired by AOL in 1998 when it was clear that it had lost the “browser war” to Microsoft. Today, the Mozilla Foundation manages the code and employs a dozen full-time developers.

From that core group, the open-source method lets a series of concentric circles form. First, there are around 400 contributors trusted to offer code into the source tree, usually after a two-stage review. Farther out, thousands of people submit software patches to be sized up (a useful way to establish yourself as new programming talent). An even larger ring includes the tens of thousands of people who download the full source code each week to scrutinise bits of it. Finally, more than 500,000 people use test versions of forthcoming releases (one-fifth of them take the time to report problems in bug reports).

Traditional profit-seeking firms cannot usually rely on their customers to play an active role in their product development. In fact, they often strongly resist any such interference. For decades software was “proprietary”, because secret code could not be copied or used without payment. Moreover, the closed approach is seen as a way to prevent exposing possible security flaws. By contrast, open source encourages sharing, and its greater scrutiny may translate into cleaner code. As a cherished open-source adage has it: “Given enough eyeballs, all bugs are shallow.”

The way open-source projects organise themselves is critical to ensuring their quality. Rather than harnessing a magical, bubbling-up of creativity from cyberspace, many open-source projects have established formal, hierarchical governance. “These are not anarchistic things when you look at successful open-source projects—there is real structure, real checks and balances, and real leadership taking place,” explains Josh Lerner, a professor at Harvard Business School.

A good example is MySQL, a type of open-source database software used by companies including Google (to serve up advertisements alongside search results), Yahoo! and Travelocity. The company, founded in 1995, has a hybrid business model. It gives away its software under an open-source licence. At the same time, it sells its software along with maintenance and support contracts. The firm has around 8,000 customers who pay 1-10% of the amount they would spend on proprietary products. Yet for every paying customer, MySQL estimates around 1,000 people use the free version.

“We don't mind,” says Marten Mickos, boss of MySQL since 2001, “they help us with other things.” For example, making the code open encourages a group of users (who may one day become paying customers) to become familiar with it. This creates a talent pool that the firm can draw upon for future employees. Companies developing software products that work with MySQL are potential acquisitions. The community of users freely gives feedback on new features and bugs. It also writes ancillary software and documentation, all of which enhances the value of the core product.

When it comes to the software itself, the company is very much in charge. It rarely accepts code from outside developers (the complexity of database software makes it less amenable to being independently cobbled together). Instead, MySQL employs 60 developers, based in 25 countries, of whom 70% work from home. “We maintain full governance of the source code. That allows us to go to the commercial users of the product and guarantee the product,” explains Mr Mickos. “You could say that this is what they pay for.”

The question of accountability is a vital one, not just for quality but also for intellectual-property concerns. Patents are deadly to open source since they block new techniques from spreading freely. But more troubling is copyright: if the code comes from many authors, who really owns it? This issue took centre stage in 2003, when a company called SCO sued users of Linux, including IBM and DaimlerChrysler, saying that portions of the code infringed its copyrights. The lines of programming code upon which SCO based its claims had changed owners through acquisitions over time; at some point they were added into Linux.

To sceptics, the suit seems designed to thwart the growth of Linux by spreading unease over open source in corporate boardrooms—a perception fuelled by Microsoft's involvement with SCO. The software giant went out of its way to connect SCO with a private-equity fund that helped finance the lawsuits, and it paid the firm many millions to license the code. Fittingly, Microsoft indemnifies its customers against just this sort of intellectual-property suit—something that open-source products are only starting to do.

For the moment, users of Linux say that SCO-like worries have not affected their adoption of open-source software. But they probably would be leery if, over time, the code could not be vouched for. In response, big open-source projects such as Linux, Apache and Mozilla have implemented rigid procedures so that they can attest to the origins of the code. In other words, the openness of open source does not necessarily mean it is anonymous. Strikingly, even more monitoring of operations is required in open source than in other sorts of businesses.

Openness has been both the making of, and a curse to, Wikipedia. In January 2001 Jimmy Wales's plan for an online encyclopedia written entirely by volunteers over the net was foundering. It was called “Nupedia” and contributions were supposed to go through a rigorous editing process by experts. However, after a year only two dozen articles were in. After Mr Wales and the project's co-ordinator, Larry Sanger, heard about so-called “wiki” software—which makes it easy for people jointly to compose and edit web pages—they changed course. Wikipedia was born and opened to anyone. To welcome the masses, the first entry on its “rules to consider” page was “ignore all rules”.

People did. Yet two seemingly contradictory things happened: chaos reigned, and an encyclopedia emerged. So-called “edit wars” dominated the online discussions, biases were legitimised as “another point of view” and specialists openly sneered. Many contributors were driven away by the fractious atmosphere (including Mr Sanger, who went on to pen essays predicting Wikipedia's vulnerability to abuse). Still, the power of decentralised collaboration astounded everyone. After 20 days, the site had over 600 articles; six months later, it had 6,000; by year's end, it totalled 20,000 articles in a plethora of languages (see chart 2).

As problems of vandalism, prejudice and inaccuracy ensued, Mr Wales was reluctant to clamp down. In the end, he had to. The site has set down policies to mediate debates; it has banished unco-operative contributors; it locked down entries that were frequently vandalised (such as one on George Bush)—changes come only from contributors who are designated as leaders on the strength of their work. A blunt new policy was promulgated: “Don't be a dick.” And after the furore over the biographical entry last year, Wikipedia changed its rules so that only registered users can edit existing entries, and new contributors must wait a few days before they can start new ones.

At the source

Other sectors have also begun to adopt open-source approaches. Richard Jefferson, the director of CAMBIA, an Australian non-profit research organisation, manages an initiative for biotechnology that uses an open-source licence. Researchers may freely use the techniques—such as a way to place genes into plants—on condition that they openly share any improvements they devise. Other projects, such as the Tropical Disease Initiative and the Synaptic Leap, are forming along similar lines. Synaptic Leap points out that because it is not motivated by profit, it has no motive to keep secret any fruits derived from collaboration in research on, for example, malaria.

CAMBIA is spending time and money on establishing an elaborate system whereby contributions can be assessed. It would consider numerous factors, such as the experience of the researcher and the ranking of their work by the community, to identify promising techniques and the best avenues of research. “As it works now, you choose the labs you work with and basically know what you are going to get before you start because you know the people,” says Dr Jefferson. “The power of distributed innovation is to be surprised, and hopefully pleasantly surprised.”

Rather than a democracy, open source looks like a Darwinian meritocracy. The tools for extremely productive online collaboration exist. What is still missing are ways to “identify and deploy not just manpower, but expertise,” says Beth Noveck of New York University Law School (who is applying open-source practices to scrutinising software-patent applications, with an eye to invalidating dubious ones). In other words, even though open-source is egalitarian at the contributor level it can nevertheless be elitist when it comes to accepting contributions. In this way, many open-source projects look more hierarchical than the corporate organograms the approach is supposed to have torn up.

Even if the cracks in the management of open source can be plugged by some fairly straightforward organisational controls, might it nevertheless remain only a niche activity—occupying, essentially, the space between a corporation and a commune? There are two doubts about its staying power. The first is how innovative it can remain in the long run. Indeed, open source might already have reached a self-limiting state, says Steven Weber, a political scientist at the University of California at Berkeley, and author of “The Success of Open Source” (Harvard University Press, 2004). “Linux is good at doing what other things already have done, but more cheaply—but can it do anything new? Wikipedia is an assembly of already-known knowledge,” he says.

The second doubt is whether the motivation of contributors can be sustained. Companies are good at getting people to rise at dawn for a day's dreary labour. But the benefit of open-source approaches is that they can tap into a far larger pool of resources essentially at no cost. Once the early successes are established, it is not clear that the projects can maintain their momentum, says Christian Alhert, the director of Openbusiness.cc, which examines the feasibility of applying open-source practices to commercial ventures.

But there are arguments in favour of open source, too. Ronald Coase, a Nobel prize-winning economist, noted that firms will handle internally what it would otherwise cost more to do externally through the market. The open-source approach seems to turn this insight on its head and it does so thanks to the near-zero cost of shipping around data. A world in which communication is costly favours collaborators working alongside each other; in a world in which it is essentially free, they can be in separate organisations in the four corners of the earth.

Perhaps that is why open source is taking up a permanent place as a facet of modern business. As open source begins to look more corporate, corporations themselves are looking to adopt and adapt more open-source practices.

For example, Toyota has organised its teams in ways that stress the same sort of decentralisation, flexibility and autonomy that exist in the Linux community, according to Philip Evans and Bob Wolf of the Boston Consulting Group in an article in the Harvard Business Review last July. As such, conventional companies would do well to embrace the work-style, the authors note, such as sharing knowledge widely, establishing reputation systems, and creating a community in which people work for peer recognition as much as remuneration. The lesson is that companies stand to gain by giving up a degree of control over their proprietary knowledge—or rather, some of their proprietary knowledge.

Strikingly, mainstream technology companies—once the most proprietary outfits of them all—have started to cotton on to this. Sun Microsystems is making its software and even chip designs open, in a bid to save the company's business from competition from open-source alternatives. Even Microsoft has increasingly made some products open to outside review, and released certain code, such as for installing software, free of charge under licensing terms whereby it can be used provided enhancements are shared. “We have quite a few programs in Microsoft where we take software and distribute it to the community in an open-source way,” gushes Bill Hilf, director of platform technology strategy at the company. Open source could enjoy no more flattering tribute than that.[B]

And that's not true of closed-source software? It's true of any software. And the article neglects to mention that propietary software faces many of the same management and development problems as open source, it's just that these processes are cut off from public view.

It also partly misses the key point of open source - that it enables a huge base of scrutiny and talent on which to draw. Thus it greatly improves the safety of software (eg firefox vs IE) , but the article wrongly suggests the opposite.

And it neglects to mention that much of the progress in IT and the internet would not have happened without open source. Eg Apache. Linux, which has generally outstripped progress in the commercial unices and now powers mobile phones, all kinds of domestic devices and embedded systems.

In the end, this is a confused survey, which I suppose reflects the confusion of traditional capitalist enterprise when faced with an entirely different and altogether natural way of producing software.